> Does anyone here have any recommendations for shopping cart software?
In the past few days one person, Luciano Ramos at luciano@MOS.COM.AR,
forwarded email supposedly posted by joe@blarg.net to Bugtraq on April 11
claiming that the Dansie Shopping Cart software (as of version 3.03) has
a Trojan in it that allows anyone who knows the special form name to
execute any command on a server running it. (Search for "there" in the
Perl source.) Bugtraq is a well-known mailing list for security
problems that everyone should be subscribed to.*
This amounts to a "static password back door". While Dansie denies this,
they do admit to having gone to the trouble to encrypt a piece of code to it
that will sometimes send email to tech@dansie.net. While Dansie claims
that this is for anti-piracy purposes, the fact that this too is undocumented
certainly would scare me away from it if I were in the market for it.
Walnut Creek (www.cdrom.com) that sells FreeBSD and Slackware until the
latter was spun off uses a free package that they have pointers to. As
a customer I'm impressed with the quality of this package.
* To subscribe to Bugtraq send mail to LISTSERV@NETSPACE.ORG with the body
of the mail being
SUBscribe BUGTRAQ
Complete instructions for using the list, including posting, will be
sent to you. It is 1000-2000 lines a week but the Table of Contents
allows easy deciding if anything applies to your arrangement.
Bob Toxen
bob@cavu.com
http://www.cavu.com
Fly-By-Day Consulting, Inc. "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX software consulting since 1990.
No Microsoft programs were used in the creation or distribution of this
message.